Boards Should Bring On Experts To Help Raise Their Cybersecurity IQ

© AdobeStock
The best candidates, while having the right technical expertise, are those who also approach the position with the goal of raising the board's overall "security IQ."

New SEC regulations, the rapid rise and adoption of AI, and ongoing global cybersecurity threats and challenges are putting increased pressure on executives and board members to recognize and address these potential risks to their organizations. Many boards are looking to bring on cybersecurity experts to help them navigate these challenges, as well as for broader insights on threat trends, security developments and other critical information to help them to stay ahead of the curve. But what does it mean to be a security expert on the board?

At a recent Google Cloud CISO event in New York City, Karenann Terrell, a member of the Google Cloud Advisory Board, told a story about how she attended a cybersecurity subcommittee meeting chaired by the cybersecurity leader on the board of an organization. The meeting took place ahead of the full board meeting and involved cybersecurity experts outside of the organization who brought unique perspectives.

“A board security expert shouldn’t be out to ask ‘stump the chump’ questions to the CISO,” she said at the event. Instead, choosing the right expert to sit on the board can be vital to an organization’s security success.

The best candidates, while having the requisite technical expertise, are those who also approach the position with the goal of raising the board’s overall “security IQ.” This means they should help guide productive security and risk conversations at the board level, and ask the most relevant questions including:

• Do we have the right protections in place?

• Are we using intelligence to identify and defend against the threats that matter most to us?

• Are our new technologies (such as artificial intelligence) or cloud architectures helping us be more inherently defended against threats?

• Are we practicing sound security fundamentals such as least privilege and hardening to reduce attack surface?

• Are we meeting our compliance requirements? Our second Perspectives on Security for the Board report builds on the concepts explored in our first report, which introduced the importance of board oversight for cyber risk and AI integration with security. The new report explores in-depth which questions are the best ones to ask to raise board security IQ. We cover the board’s security role and responsibilities in cloud adoption, shine a light on the latest threats and their impacts to business, and introduce Google’s Secure AI Framework (SAIF) to help ensure organizations use AI responsibly.

Securing AI systems with Google

Every new technology brings with it new security risks, and AI is no different. With generative AI advancements happening rapidly, Google is committed to ensuring that AI systems are not only safe for users but safe at the development level, too.

Google’s Secure AI Framework (SAIF) is a conceptual framework for secure AI systems that boards can use to help ensure their organizations utilize AI in a responsible way. SAIF offers a practical approach to address top-of-mind concerns for every organization, including security, AI/ML model risk management, and privacy and compliance.

We recommend boards work with their CISOs to implement SAIF’s six core elements in their organizations:

1. Expand strong security foundations to the AI Ecosystem  

2. Extend detection and response to bring AI into an organization’s threat universe

3. Automate defenses to keep pace with existing and new threats

4. Harmonize platform-level controls to ensure consistent security across the organization

5. Adapt controls to adjust mitigations and create faster feedback loops for AI deployment

6. Contextualize AI system risks in surrounding business processes  

Bolstering the board with security expertise

With this latest report, boards should have a better understanding of their role and responsibilities in risk management during cloud adoption, the global threat landscape and how to respond to threats, and how their organization can use AI in responsible and secure ways.

You can read more about Google Cloud’s security guidance for boards of directors in the full report, “Perspectives on Security for the Board.”

Become a CBM Network member and save at least 40% on your meeting registration!

Elevate your leadership game and drive meaningful change with CBM Network. As a member, you’ll have the tools you need to ask great questions on rapidly changing topics, make informed decisions, raise your profile, connect with new board opportunities and drive the success of your organization.

Save 40% on Boardroom Summit registration with a network-level membership or attend free at the council level. You’ll also receive discounts or free access to other top-notch events, training courses and credentialing programs – so you stay ahead of the curve.

More than that, you’ll join a dynamic community of board members and have expert advice, peer networking opportunities and educational tools at your fingertips. Don’t miss out on these incredible savings and opportunities – join the CBM Network today during your registration.